Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-04-07 15:13:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
277,794 Commits 618 Branches 98 Tags
Commit Graph

122 Commits

Author SHA1 Message Date
nelsonb%netscape.com
d391504d03 Remove fortezza code from libSSL and from the SSL test programs. 
Stop building fortezza's special software token, and fortezza specific
test programs.   Bug 239960. r=rrelyea.
Modified Files:
    cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
    cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
    cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
    cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
    cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
    lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
    lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
    lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
    lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
    lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
    lib/ssl/sslt.h
 2005-08-16 03:42:26 +00:00
nelsonb%netscape.com
7d6edc424d Back out the preceeding fortezza removal patch, which was accidentally 
applied to the trunk, not to the intended branch.
 2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
17a1f014fd Remove fortezza support from libSSL and related commands. Bug 239960. 
ON PERFORMANCE_HACKS_BRANCH.  r=rrelyea.
 2005-04-06 19:43:19 +00:00
nelsonb%netscape.com
d126b39b34 Do not crash if Server SID cache is uninitialized. Bug 237724 r=Julien 
Instead, if SSL_NO_CACHE is not set, return an error code.
 2005-03-09 05:20:44 +00:00
jpierre%netscape.com
a11c975bed Fix for 237934 - nss_InitLock not atomic. r=nelson 2004-06-19 03:21:39 +00:00
gerv%gerv.net
9bd361a285 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines. 2004-04-27 23:04:40 +00:00
gerv%gerv.net
3634d4d94b Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
c4b2be519c Add conditionally compiled code for NISCC testing of NSS's SSL library. 
patch by Ian McGreer.  Bugscape bug 53322.
 2004-03-05 23:28:57 +00:00
jpierre%netscape.com
f1a9128ad1 Fix for 235874 - crash in PK11_DigestKey . r=wtc, nelsonb 2004-03-03 03:18:56 +00:00
jpierre%netscape.com
8a6338d551 Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF 2004-01-08 01:37:46 +00:00
wchang0222%aol.com
9ccb6b87c5 Made wincx the last argument of PK11_PubDeriveExtended. r=relyea. 
Modified Files: pk11func.h pk11skey.c ssl3con.c
 2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
390b635832 Grow handshake message buffer once per message, not once per each message 
segment received.  Bugscape bug 53418.
 2003-11-05 06:22:57 +00:00
nelsonb%netscape.com
afd97d4f96 Remove one unnecessary transition from the SSL3 state machine. 
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
 2003-10-31 07:01:05 +00:00
nelsonb%netscape.com
9413aae7aa When the SSL_NO_CACHE option is set on an SSL server socket, don't touch 
the server session cache AT ALL.  Bug 222726
 2003-10-19 01:55:50 +00:00
ian.mcgreer%sun.com
5c2c5888f9 ECC code landing. 
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
 2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
8464dc0bb6 Eliminate unnecessary copying of CA names in HandleCertRequest. 
Bug 204686.
 2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
96f28b4691 Detect Zero length certs and zero length CA names. Bug 204686. 
Also, eliminate unnecessary copying of incoming certs.
 2003-10-03 02:01:18 +00:00
nelsonb%netscape.com
cc8d6b1b9f Eliminate TCP connection reset errors that occur when server requires 
client auth and SSL3 client doesn't authenticate.  The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.
 2003-05-30 23:22:39 +00:00
jpierre%netscape.com
3609f97d06 Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb 2003-04-17 02:03:39 +00:00
nelsonb%netscape.com
3f52ba47c1 Changes to enable ECC over characteristic 2^m fields. 
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
 nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
 nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
 nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
 nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
 nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
 nss/lib/util/secoidt.h
 2003-03-29 00:18:30 +00:00
wtc%netscape.com
a98f4c0628 Bug 199082: checked in Nelson's patch, which 
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c
 2003-03-26 00:31:13 +00:00
relyea%netscape.com
abfd3a64f2 Make indention style consistant with SSL's usage, not softoken/pk11 usage. 2003-03-13 16:36:43 +00:00
relyea%netscape.com
d9b9435a62 Allow for tokens that don't require login. bug 197082 2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
f87129ad87 Add support for Elliptic Curve Cryptography. Bug 195135. 
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c
 2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
15064057ce Fix bug 160207. Make TLS implementation resistant to timing attacks on 
CBC block mode cipher suites in TLS.  See bug for details.
 2003-02-21 23:00:16 +00:00
relyea%netscape.com
4c4ce5586d Bug 167756. Address Nelson's review comments. remove socket specific latency 
in favor of a slot specific latency test (already done by pk11wrap code).
 2003-02-15 01:21:25 +00:00
relyea%netscape.com
998b101109 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure. 2003-01-23 22:02:37 +00:00
relyea%netscape.com
7d03017158 Check for token removal before continuing SSL sessions which have client auth 
with certs associated with that token. bug 167756.
 2003-01-23 17:27:34 +00:00
nelsonb%netscape.com
6b4fae5a4a Don't reject a cert request with an empty list of CA cert names. 
Don't crash with an empty CA name list.
 2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
6710514e32 Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342. 2002-11-05 00:25:20 +00:00
wtc%netscape.com
d7b153e145 Bug 127740: added a comment to explain the thread yield in 
ssl3_SendApplicationData.
 2002-09-30 20:51:05 +00:00
jpierre%netscape.com
78ade1e7f9 Fix compiler warnings 2002-09-07 01:48:46 +00:00
nelsonb%netscape.com
644319e67f Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3843ef99c0 Fix bug 160207 by changing the error alerts we send for failed decryption. 2002-08-07 20:01:51 +00:00
relyea%netscape.com
43480112f3 Initialize type field to clear off purify warnings. 2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
071fe9ae9c Fix bug 135261. Create symbolic names for the values 2 and 3 for the 
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
 2002-06-22 01:40:32 +00:00
ian.mcgreer%sun.com
607f12501a bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc 
r=relyea
 2002-06-19 15:21:37 +00:00
nelsonb%netscape.com
681ff24ca9 1. the sslSecurityInfo and sslGather structs are now part of the sslSocket 
rather than being pointed to by the sslSocket.  This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks.  sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.
 2002-02-27 04:40:17 +00:00
nelsonb%netscape.com
494eb9ffcc Plug one of the leaks reported in bugzilla bug 123081 2002-02-04 23:15:11 +00:00
jpierre%netscape.com
4b50e9da08 Fix 114787 - ssl_recv crashes in client. bogus assert. reviewed by nelson 2001-12-12 21:44:04 +00:00
relyea%netscape.com
75f3b7599d Clean up compilier warnings on Solaris and Linux, most particularly: 
1) Implicit declaration of function.
2) Possibly unitialized variables.

These warnings have indicated some real problems in the code, so many changes
are not just to silence the warnings, but to fix the problems. Others were
inocuous, but the warnings were silenced to reduce the noise.
 2001-12-07 01:36:25 +00:00
nelsonb%netscape.com
6d66aee5ea Add localCert field to sid cache entry so SSL_LocalCertificate can 
remember the certs it sent back when it established the SSL session.
Bug 78959.  Also, hold on the certs in the received cert chain until
the SSL connection is complete.  This makes it easier for applications
to look at the entire cert chain after the handshake is over without
having to write their own custom authCert callbacks.  It is backwards
compatible with older NSS SSL applications, but may use more memory.
 2001-11-09 05:39:36 +00:00
nelsonb%netscape.com
d2f7dcc16c Implement new function SSL_LocalCertificate(). Bug 78959. 2001-11-08 02:15:38 +00:00
relyea%netscape.com
e27189dd1d Land BOB_WORK_BRANCH unto the tip. 
remove lots of depricated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove depricated functions.
 2001-11-08 00:15:51 +00:00
nelsonb%netscape.com
9740e66d2f Reimplement SSL_GetChannelInfo. Add new function SSL_GetCipherSuiteInfo(). 
Also, implement new ciphersuite preference order.  Bug 78959.
 2001-11-02 04:24:28 +00:00
nelsonb%netscape.com
874e400e1a Fix bug 107619. The new DHE_ ciphersuites were enabled by default. 
Now they are disabled by default, for compatibility with NSS 2.0.
 2001-10-30 21:09:47 +00:00
nelsonb%netscape.com
a2bae99930 Add support to TLS for new 128-bit and 256-bit AES ciphersuites. 87021. 2001-09-21 03:07:35 +00:00
relyea%netscape.com
d62c65c9a6 Remove dependancy on direct calls inside softoken. 2001-09-20 21:26:40 +00:00
nelsonb%netscape.com
0e45538807 Implement new function SSL_GetChannelInfo(). Bugzilla bug 78959. 2001-09-18 01:59:21 +00:00
wtc%netscape.com
4ba020ddd2 Bugzilla bug 94685: deleted the unreferenced label 'no_wrapped_key'. 2001-08-22 23:15:45 +00:00